Overview
Learn about implementing secure boot with Linaro Trusted Substrate and Trusted Reference Stack (TRS) in this 31-minute technical talk from the Yocto Project Summit. Explore how Linaro's Arm SystemReady IR and UEFI-compatible firmware works with TRS components to create a comprehensive secure boot chain. Discover the architecture behind hardware verification of the UEFI firmware, kernel verification through a Unified Kernel Image binary, and rootfs verification using a dm-verity hash. Understand how TPM devices measure firmware components and enable the creation of encrypted filesystems tied to secure systems. Follow the journey of upstreaming these security solutions to various meta layers, including oe-core/poky, meta-arm, meta-security/meta-tpm, and meta-secure-core.
Syllabus
YPS 2024.12 - Mikko Rapeli - Secure boot all the way to userspace and upstream
Taught by
Yocto Project